Review upstream go-git dependency security/correctness update #214

Description

@pedrogaudencio

Problem

Gitea updated go-git in v1.26.2.

Git parsing and repository operations are core to Forkana. If the upstream dependency update includes security or correctness fixes, Forkana may benefit from it. However, dependency updates can have wider impact and should be reviewed carefully rather than blindly cherry-picked.

Upstream fix:

Solution

Review the upstream dependency update and determine whether Forkana should adopt it.

Address the following:

  • Compare Forkana’s current go-git version with upstream
  • Review the upstream PR and dependency changelog for security/correctness impact
  • Check whether the update requires code changes or only dependency changes
  • Run repository, migration, clone, fetch, and compare-related tests
  • Backport the update only if it is safe and relevant
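For the version-comparison step in the list above, the following added example (not part of the issue or of Forkana's or Gitea's code) reads the go-git version a `go.mod` actually builds with, including the case where a `replace` directive silently overrides the `require` line. The `go.mod` fragments, the `example.test` paths and all version numbers are constructed placeholders, and `EffectiveVersion` is a hypothetical helper name.

```go
package main

import (
	"fmt"
	"strings"
)

const goGit = "github.com/go-git/go-git/v5" // go-git v5 module path

// Constructed go.mod files; versions and example.test paths are placeholders.
const forkMod = "require (\n\tgithub.com/go-git/go-git/v5 v5.0.1 // indirect\n)\n" +
	"replace github.com/go-git/go-git/v5 => example.test/patched/go-git/v5 v5.0.1-fix\n"
const upstreamMod = "require github.com/go-git/go-git/v5 v5.0.2\n"

// EffectiveVersion returns what gomod builds module mod from: the require
// version, or the replace target if one exists (replaced is then true).
// Simplification: a version-qualified replace ("mod v1 => ...") always applies.
func EffectiveVersion(gomod, mod string) (version string, replaced bool) {
	block := "" // directive of the parenthesised block we are inside, if any
	for _, raw := range strings.Split(gomod, "\n") {
		line, _, _ := strings.Cut(raw, "//") // drop trailing comments
		f := strings.Fields(line)
		switch {
		case len(f) == 0: // blank or comment-only line
		case f[0] == ")":
			block = ""
		case len(f) == 2 && f[1] == "(":
			block = f[0]
		case block != "":
			f = append([]string{block}, f...) // normalise to single-line form
		}
		if len(f) < 3 || f[1] != mod {
			continue
		}
		if _, target, ok := strings.Cut(line, "=>"); ok && f[0] == "replace" {
			version, replaced = strings.Join(strings.Fields(target), " "), true
		} else if f[0] == "require" && !replaced {
			version = f[2]
		}
	}
	return version, replaced
}

func main() {
	fv, fr := EffectiveVersion(forkMod, goGit)
	uv, _ := EffectiveVersion(upstreamMod, goGit)
	fmt.Printf("fork: %s (replaced=%v)\nupstream: %s\n", fv, fr, uv)
}
```

When `replaced` is true, bumping the `require` line alone does not change the code that gets built, so the review has to look at the replacement target as well.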
